Conversation

Notices

1. Embed this notice
   Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Friday, 09-Feb-2024 02:50:10 JST Patrick Howell O'Neill

   i've seen literally 50x more people complaining about the toothbrush thing compared to actual blogs, which is funny to me but okay, I understand.

   It's probably significant that all the places i've seen publish it are mass production reblog factories. all due respect, these are not well regarded news outlets. maybe that's not obvious to the general public or even the cyber expert public? There's a difference.

   contrary to the viral outrage, this is absolutely not an example of "a dozen well-regarded news outlets" being tricked. It's still worth learning from as an example of the pitfalls of aggregation but you all could act a little less outraged, if I didn't know better I'd think this thing was just published on the front page of the washington post. everyone, drink a glass of water and get some air. This is not a big deal :)

   • Embed this notice
     Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Friday, 09-Feb-2024 02:56:52 JST Patrick Howell O'Neill

     • Kevin Beaumont

     @GossiTheDog I must be misunderstanding the independent, I see it badly and slowly aggregating tech news all the time but I'm not a brit. And the front page of Microsoft news is almost always garbage. In fact, normally it's more impactful garbage that i unfortunately have to see regularly. Sorry, I still don't think that's a huge deal.

     If the BBC published it, okay, that would warrant the reaction. As it is, it's a minor and very silly misunderstanding. I'm open to the idea that I'm missing something but right now it just looks like a funny fixation on a strange little story that no one outside of cyber cares about anyway. We're in a bubble.

     This isn't meant to be an attack on you btw. I think the work you do to respond to media issues is super valuable. I just think, in aggregate, this community is overreacting.

   • Embed this notice
     Xavier «X» Santolaria :verified_paw: :donor: (0x58@infosec.exchange)'s status on Friday, 09-Feb-2024 02:59:38 JST Xavier «X» Santolaria :verified_paw: :donor:

     • Kevin Beaumont

     @GossiTheDog @howelloneill They only wanted to deflect attention on the FortiSIEM new flaws announcement fiasco :flan_laugh:

   • Embed this notice
     Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Friday, 09-Feb-2024 03:05:12 JST Patrick Howell O'Neill

     • Kevin Beaumont

     @GossiTheDog yeah I just saw some posts talking about how this was an example of highly trusted outlets going astray and, to be blunt, I just don't see any highly trusted outlets there is all. I see aggregation noise. Again, not good and worth examining! Just not worth this level of group outrage imo

   • Embed this notice
     Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Friday, 09-Feb-2024 03:06:37 JST Patrick Howell O'Neill

     in reply to

     • Kevin Beaumont
     • Zack Whittaker

     @zackwhittaker @GossiTheDog I think aggregation with no vetting is not going away any time soon, unfortunately, and that's ultimately what this is about.

     your concern about desensitization is valid and real. however, the issue of cyber fatigue is so vast that I am extremely skeptical that one weird little toothbrush story makes significant impact. Every six months we have a new worst vulnerability ever headline, a huge breach, mass exploitation, etc.

     Again, you're totally right to have an issue here! Maybe the best case scenario is that this helps the general reader understand which publications are aggregation factory and which do actual reporting. That would be a good outcome.

     I just think any time the outrage goes more viral than the bad story itself, we can all take a step back and consider how much it really mattered

   • Embed this notice
     Zack Whittaker (zackwhittaker@mastodon.social)'s status on Friday, 09-Feb-2024 03:06:37 JST Zack Whittaker

     in reply to

     • Kevin Beaumont

     @howelloneill @GossiTheDog totally! and in the end it's always worth remembering that nothing matters anyway.

   • Embed this notice
     Zack Whittaker (zackwhittaker@mastodon.social)'s status on Friday, 09-Feb-2024 03:06:38 JST Zack Whittaker

     • Kevin Beaumont

     @GossiTheDog @howelloneill right, i feel that this was largely a failure of the media outlets that chase clicks and views and the authors that are incentivized as such. but on the occasion misinfo spins like this and big outlets consider covering, if not least to "dispel rumors" or under the guise of disinfo watch, it can amplify it even more. we need better media literacy (unlikely) and many outlets to be less click-driven — even if that means publishing less (not holding my breath either).

   • Embed this notice
     Zack Whittaker (zackwhittaker@mastodon.social)'s status on Friday, 09-Feb-2024 03:06:38 JST Zack Whittaker

     in reply to

     • Kevin Beaumont

     @GossiTheDog @howelloneill for me, the issue i have with this story blowing up is that i worry it desensitizes the reader to actual harms and threats out there. sometimes saying nothing at all (by not writing about it) is the best thing (in my view/opinion). but there's no incentive for media outlets to do that.

   • Embed this notice
     Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Friday, 09-Feb-2024 03:10:49 JST Patrick Howell O'Neill

     • Kevin Beaumont

     @GossiTheDog fair enough, maybe the viral outrage prevents further harm in a big way. that's an interesting hypothesis and could very well be true. as it is, the outrage went more viral than the story from my anecdotal perspective, and that warrants some self-examination imo. my optimistic hope is that this leads the outraged readers to be better at identifying which outlets are primarily aggregation machines rather than journalism outlets

   • Embed this notice
     Brett Callow (brett@infosec.exchange)'s status on Friday, 09-Feb-2024 03:11:43 JST Brett Callow

     • Kevin Beaumont

     @GossiTheDog @howelloneill

     "3 million smart toothbrushes were not used in a DDoS attack after all, **but it could happen**"

     https://www.zdnet.com/home-and-office/smart-home/3-million-smart-toothbrushes-were-not-used-in-a-ddos-attack-but-they-could-have-been/

   • Embed this notice
     Bruce Mirken (brucemirken@mas.to)'s status on Friday, 09-Feb-2024 03:20:38 JST Bruce Mirken

     in reply to

     • Kevin Beaumont

     @howelloneill @GossiTheDog Speaking as someone who does PR for a living, I think the aggregation machines have become dangerously prevalent, and many of them are utter garbage.

   • Embed this notice
     Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Friday, 09-Feb-2024 03:27:26 JST Patrick Howell O'Neill

     • Kevin Beaumont
     • Bruce Mirken

     @GossiTheDog @BruceMirken now anti-ai hype outrage, that I'm completely onboard for